From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Fri, 11 May 2018 07:00:04 +0000 (+0200)
Subject: 4.14-stable patches
X-Git-Tag: v3.18.109~33
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=b1ffcda4aef6020b608e3aa3af1491fe068bd468;p=thirdparty%2Fkernel%2Fstable-queue.git

4.14-stable patches

added patches:
	kvm-ppc-book3s-hv-fix-guest-time-accounting-with-virt_cpu_accounting_gen.patch
	kvm-ppc-book3s-hv-fix-trap-number-return-from-__kvmppc_vcore_entry.patch
	kvm-ppc-book3s-hv-fix-vrma-initialization-with-2mb-or-1gb-memory-backing.patch
---

diff --git a/queue-4.14/kvm-ppc-book3s-hv-fix-guest-time-accounting-with-virt_cpu_accounting_gen.patch b/queue-4.14/kvm-ppc-book3s-hv-fix-guest-time-accounting-with-virt_cpu_accounting_gen.patch
new file mode 100644
index 00000000000..c46a7f3e862
--- /dev/null
+++ b/queue-4.14/kvm-ppc-book3s-hv-fix-guest-time-accounting-with-virt_cpu_accounting_gen.patch
@@ -0,0 +1,59 @@
+From 61bd0f66ff92d5ce765ff9850fd3cbfec773c560 Mon Sep 17 00:00:00 2001
+From: Laurent Vivier <lvivier@redhat.com>
+Date: Fri, 2 Mar 2018 11:51:56 +0100
+Subject: KVM: PPC: Book3S HV: Fix guest time accounting with VIRT_CPU_ACCOUNTING_GEN
+
+From: Laurent Vivier <lvivier@redhat.com>
+
+commit 61bd0f66ff92d5ce765ff9850fd3cbfec773c560 upstream.
+
+Since commit 8b24e69fc47e ("KVM: PPC: Book3S HV: Close race with testing
+for signals on guest entry"), if CONFIG_VIRT_CPU_ACCOUNTING_GEN is set, the
+guest time is not accounted to guest time and user time, but instead to
+system time.
+
+This is because guest_enter()/guest_exit() are called while interrupts
+are disabled and the tick counter cannot be updated between them.
+
+To fix that, move guest_exit() after local_irq_enable(), and as
+guest_enter() is called with IRQ disabled, call guest_enter_irqoff()
+instead.
+
+Fixes: 8b24e69fc47e ("KVM: PPC: Book3S HV: Close race with testing for signals on guest entry")
+Signed-off-by: Laurent Vivier <lvivier@redhat.com>
+Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
+Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/powerpc/kvm/book3s_hv.c |    5 ++---
+ 1 file changed, 2 insertions(+), 3 deletions(-)
+
+--- a/arch/powerpc/kvm/book3s_hv.c
++++ b/arch/powerpc/kvm/book3s_hv.c
+@@ -2847,7 +2847,7 @@ static noinline void kvmppc_run_core(str
+ 	 */
+ 	trace_hardirqs_on();
+ 
+-	guest_enter();
++	guest_enter_irqoff();
+ 
+ 	srcu_idx = srcu_read_lock(&vc->kvm->srcu);
+ 
+@@ -2855,8 +2855,6 @@ static noinline void kvmppc_run_core(str
+ 
+ 	srcu_read_unlock(&vc->kvm->srcu, srcu_idx);
+ 
+-	guest_exit();
+-
+ 	trace_hardirqs_off();
+ 	set_irq_happened(trap);
+ 
+@@ -2890,6 +2888,7 @@ static noinline void kvmppc_run_core(str
+ 	kvmppc_set_host_core(pcpu);
+ 
+ 	local_irq_enable();
++	guest_exit();
+ 
+ 	/* Let secondaries go back to the offline loop */
+ 	for (i = 0; i < controlled_threads; ++i) {
diff --git a/queue-4.14/kvm-ppc-book3s-hv-fix-trap-number-return-from-__kvmppc_vcore_entry.patch b/queue-4.14/kvm-ppc-book3s-hv-fix-trap-number-return-from-__kvmppc_vcore_entry.patch
new file mode 100644
index 00000000000..9c4d533be04
--- /dev/null
+++ b/queue-4.14/kvm-ppc-book3s-hv-fix-trap-number-return-from-__kvmppc_vcore_entry.patch
@@ -0,0 +1,98 @@
+From a8b48a4dccea77e29462e59f1dbf0d5aa1ff167c Mon Sep 17 00:00:00 2001
+From: Paul Mackerras <paulus@ozlabs.org>
+Date: Wed, 7 Mar 2018 22:17:20 +1100
+Subject: KVM: PPC: Book3S HV: Fix trap number return from __kvmppc_vcore_entry
+
+From: Paul Mackerras <paulus@ozlabs.org>
+
+commit a8b48a4dccea77e29462e59f1dbf0d5aa1ff167c upstream.
+
+This fixes a bug where the trap number that is returned by
+__kvmppc_vcore_entry gets corrupted.  The effect of the corruption
+is that IPIs get ignored on POWER9 systems when the IPI is sent via
+a doorbell interrupt to a CPU which is executing in a KVM guest.
+The effect of the IPI being ignored is often that another CPU locks
+up inside smp_call_function_many() (and if that CPU is holding a
+spinlock, other CPUs then lock up inside raw_spin_lock()).
+
+The trap number is currently held in register r12 for most of the
+assembly-language part of the guest exit path.  In that path, we
+call kvmppc_subcore_exit_guest(), which is a C function, without
+restoring r12 afterwards.  Depending on the kernel config and the
+compiler, it may modify r12 or it may not, so some config/compiler
+combinations see the bug and others don't.
+
+To fix this, we arrange for the trap number to be stored on the
+stack from the 'guest_bypass:' label until the end of the function,
+then the trap number is loaded and returned in r12 as before.
+
+Cc: stable@vger.kernel.org # v4.8+
+Fixes: fd7bacbca47a ("KVM: PPC: Book3S HV: Fix TB corruption in guest exit path on HMI interrupt")
+Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/powerpc/kvm/book3s_hv_rmhandlers.S |    8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+--- a/arch/powerpc/kvm/book3s_hv_rmhandlers.S
++++ b/arch/powerpc/kvm/book3s_hv_rmhandlers.S
+@@ -308,7 +308,6 @@ kvm_novcpu_exit:
+ 	stw	r12, STACK_SLOT_TRAP(r1)
+ 	bl	kvmhv_commence_exit
+ 	nop
+-	lwz	r12, STACK_SLOT_TRAP(r1)
+ 	b	kvmhv_switch_to_host
+ 
+ /*
+@@ -1136,6 +1135,7 @@ END_FTR_SECTION_IFSET(CPU_FTR_ARCH_300)
+ 
+ secondary_too_late:
+ 	li	r12, 0
++	stw	r12, STACK_SLOT_TRAP(r1)
+ 	cmpdi	r4, 0
+ 	beq	11f
+ 	stw	r12, VCPU_TRAP(r4)
+@@ -1445,12 +1445,12 @@ mc_cont:
+ 1:
+ #endif /* CONFIG_KVM_XICS */
+ 
++	stw	r12, STACK_SLOT_TRAP(r1)
+ 	mr 	r3, r12
+ 	/* Increment exit count, poke other threads to exit */
+ 	bl	kvmhv_commence_exit
+ 	nop
+ 	ld	r9, HSTATE_KVM_VCPU(r13)
+-	lwz	r12, VCPU_TRAP(r9)
+ 
+ 	/* Stop others sending VCPU interrupts to this physical CPU */
+ 	li	r0, -1
+@@ -1816,6 +1816,7 @@ END_FTR_SECTION_IFSET(CPU_FTR_POWER9_DD1
+ 	 * POWER7/POWER8 guest -> host partition switch code.
+ 	 * We don't have to lock against tlbies but we do
+ 	 * have to coordinate the hardware threads.
++	 * Here STACK_SLOT_TRAP(r1) contains the trap number.
+ 	 */
+ kvmhv_switch_to_host:
+ 	/* Secondary threads wait for primary to do partition switch */
+@@ -1868,11 +1869,11 @@ BEGIN_FTR_SECTION
+ END_FTR_SECTION_IFSET(CPU_FTR_ARCH_207S)
+ 
+ 	/* If HMI, call kvmppc_realmode_hmi_handler() */
++	lwz	r12, STACK_SLOT_TRAP(r1)
+ 	cmpwi	r12, BOOK3S_INTERRUPT_HMI
+ 	bne	27f
+ 	bl	kvmppc_realmode_hmi_handler
+ 	nop
+-	li	r12, BOOK3S_INTERRUPT_HMI
+ 	/*
+ 	 * At this point kvmppc_realmode_hmi_handler would have resync-ed
+ 	 * the TB. Hence it is not required to subtract guest timebase
+@@ -1950,6 +1951,7 @@ END_MMU_FTR_SECTION_IFSET(MMU_FTR_TYPE_R
+ 	li	r0, KVM_GUEST_MODE_NONE
+ 	stb	r0, HSTATE_IN_GUEST(r13)
+ 
++	lwz	r12, STACK_SLOT_TRAP(r1)	/* return trap # in r12 */
+ 	ld	r0, SFS+PPC_LR_STKOFF(r1)
+ 	addi	r1, r1, SFS
+ 	mtlr	r0
diff --git a/queue-4.14/kvm-ppc-book3s-hv-fix-vrma-initialization-with-2mb-or-1gb-memory-backing.patch b/queue-4.14/kvm-ppc-book3s-hv-fix-vrma-initialization-with-2mb-or-1gb-memory-backing.patch
new file mode 100644
index 00000000000..82f626179e6
--- /dev/null
+++ b/queue-4.14/kvm-ppc-book3s-hv-fix-vrma-initialization-with-2mb-or-1gb-memory-backing.patch
@@ -0,0 +1,54 @@
+From debd574f4195e205ba505b25e19b2b797f4bcd94 Mon Sep 17 00:00:00 2001
+From: Paul Mackerras <paulus@ozlabs.org>
+Date: Fri, 2 Mar 2018 15:38:04 +1100
+Subject: KVM: PPC: Book3S HV: Fix VRMA initialization with 2MB or 1GB memory backing
+
+From: Paul Mackerras <paulus@ozlabs.org>
+
+commit debd574f4195e205ba505b25e19b2b797f4bcd94 upstream.
+
+The current code for initializing the VRMA (virtual real memory area)
+for HPT guests requires the page size of the backing memory to be one
+of 4kB, 64kB or 16MB.  With a radix host we have the possibility that
+the backing memory page size can be 2MB or 1GB.  In these cases, if the
+guest switches to HPT mode, KVM will not initialize the VRMA and the
+guest will fail to run.
+
+In fact it is not necessary that the VRMA page size is the same as the
+backing memory page size; any VRMA page size less than or equal to the
+backing memory page size is acceptable.  Therefore we now choose the
+largest page size out of the set {4k, 64k, 16M} which is not larger
+than the backing memory page size.
+
+Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/powerpc/kvm/book3s_hv.c |   12 +++++++-----
+ 1 file changed, 7 insertions(+), 5 deletions(-)
+
+--- a/arch/powerpc/kvm/book3s_hv.c
++++ b/arch/powerpc/kvm/book3s_hv.c
+@@ -3618,15 +3618,17 @@ static int kvmppc_hv_setup_htab_rma(stru
+ 		goto up_out;
+ 
+ 	psize = vma_kernel_pagesize(vma);
+-	porder = __ilog2(psize);
+ 
+ 	up_read(&current->mm->mmap_sem);
+ 
+ 	/* We can handle 4k, 64k or 16M pages in the VRMA */
+-	err = -EINVAL;
+-	if (!(psize == 0x1000 || psize == 0x10000 ||
+-	      psize == 0x1000000))
+-		goto out_srcu;
++	if (psize >= 0x1000000)
++		psize = 0x1000000;
++	else if (psize >= 0x10000)
++		psize = 0x10000;
++	else
++		psize = 0x1000;
++	porder = __ilog2(psize);
+ 
+ 	senc = slb_pgsize_encoding(psize);
+ 	kvm->arch.vrma_slb_v = senc | SLB_VSID_B_1T |
diff --git a/queue-4.14/series b/queue-4.14/series
index 155424e162b..a46dabfb419 100644
--- a/queue-4.14/series
+++ b/queue-4.14/series
@@ -15,3 +15,6 @@ perf-remove-superfluous-allocation-error-check.patch
 tcp-fix-tcp_repair_queue-bound-checking.patch
 bdi-wake-up-concurrent-wb_shutdown-callers.patch
 bdi-fix-oops-in-wb_workfn.patch
+kvm-ppc-book3s-hv-fix-trap-number-return-from-__kvmppc_vcore_entry.patch
+kvm-ppc-book3s-hv-fix-guest-time-accounting-with-virt_cpu_accounting_gen.patch
+kvm-ppc-book3s-hv-fix-vrma-initialization-with-2mb-or-1gb-memory-backing.patch